[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Help on Condition ?
On Thu, 2008-12-11 at 07:03 -0600, Balaji Kannadassan wrote: > Hi All! > > I couldn't understand the use of condition tag :-(. Can someone > brief me on the same and it would be helpful, In the target part of a policySet/policy/rule you can only apply a restricted set of operations (the idea is that a target should be evaluatable efficiently), i.e. you can only compare a single static value with a single attribute value from the request/context handler. For example you can not compare two attribute values from the request in a target. A condition allows you to formulate ... well ... conditions more freely. Think of them as logical formulas that are evaluated with values from the request (and the context handler). If the condition evaluates to 'true' the rule is applicable and it's effect is returned to the combining-algorithm, if the condition evaluates to 'false' the rule returns 'NotApplicable'. Note that the condition is applied additionally to the targets of all ancestor elements, so it is not evaluated if any of those don't match. > BTW obligation is usually request rt in plain english :-), Why is > that it has been said that Obligation are must do kind of activities ? > just interested to know.. Sorry I don't understand that question. Could you explain? Regards, Ludwig Seitz -- Ludwig Seitz, PhD | Axiomatics AB Training & Development | Electrum 223 Phone: +46 (0)703 83 08 00 | S-164 40 Kista, Sweden Mail: firstname.lastname@example.org |